<?php 
/* P3(c)

******************************************************************************
                                                                                      
                         __                                                        
                        /__)                                                       
                       /__        P3 - moving Technologie            
                        __)                                                          
                        __)                                                          
                                                                                        
                                                                                        
       Copyright 2009 by p3.co.at                                                                                 
                                                                                        
       visit www.p3.co.at to get more Informations 
       about Teriko - Betriebsdatenerfassung                                                                                 
       - it's not allowed to change this scripts
       - it's not allowed to remove this copyright-tag

       -- you can download the complete license   
          under http://www.teriko.org

 (c) by Patrik Pfaffenbauer and P3 (http://www.p3.co.at)

 | Programname: P3.Teriko
 | Authtor: P3.Verein
 | Coder: Patrik Pfaffenbauer
 | Version: 0.1

 | Change Index
 |_____________________________________________
 |                                             |
 |4.3.2010 Erstellung | Patrik Pfaffenbauer    |
 |_____________________________________________|

******************************************************************************

P3(c) */
include("_config.php");
$perm = new Permission();

if(!$perm->permission->editPermission)
{
	echo '//<script>
	alert(\''.$GLOBALS['lang']->GetLanguage("Permission", "noSavePermission").'\');
	Redirect(\'index.php\');
	//</script>';
	return;
}

$groupid = $_GET['groupid'];

if($_GET['type'] == "groups")
{
	$userid = $_GET['userid'];
	$query = "SELECT * FROM ".$tbluser." WHERE id=".$userid;
	$res = $GLOBALS['db']->Fetch($GLOBALS['db']->Query($query));
	
	$res2 = $GLOBALS['db']->Fetch($GLOBALS['db']->Query("SELECT * FROM ".$tblusergroup." WHERE id=".$groupid));
	
	if($_GET['action'] == "add")
	{
		AddUserToGroup($userid, $groupid);
		$string = str_replace("{0}", "<strong>".$res->firstName." ".$res->lastName."</strong>", $GLOBALS['lang']->GetLanguage("Permission", "user2GroupEditAdd"));
		$string = str_replace("{1}", "<strong>".$res2->description."</strong>", $string);
	}
	else
	{
		RemoveUserFromGroup($userid, $groupid);
		$string = str_replace("{0}", "<strong>".$res->firstName." ".$res->lastName."</strong>", $GLOBALS['lang']->GetLanguage("Permission", "user2GroupEditDelete"));
		$string = str_replace("{1}", "<strong>".$res2->description."</strong>", $string);
	}

	echo $string;
}
else
{
	$write = GetSqlBool($_GET['write']);
	$read = GetSqlBool($_GET['read']);
	$delete = GetSqlBool($_GET['delete']);
	$special = GetSqlBool($_GET['special']);
	
	$module = $_GET['moduleid'];
	
	$query = "SELECT * FROM ".$tblpermission." WHERE moduleID='".$module."' AND groupID='".$groupid."'";
	$res = $GLOBALS['db']->Query($query);
	
	if($GLOBALS['db']->NumRow($res))
	{
		//UPDATE
		$query = "UPDATE ".$tblpermission." 
				SET 
				readPermission='".$read."', 
				editPermission='".$write."', 
				deletePermission='".$delete."', 
				specialPermission='".$special."' 
				WHERE moduleID='".$module."' AND groupID='".$groupid."'";
	}
	else
	{
		//INSERT
		$query = "INSERT INTO ".$tblpermission." 
		(moduleID, 
		groupID, 
		readPermission, 
		editPermission, 
		deletePermission, 
		specialPermission) 
		VALUES
		('".$module."', '".$groupid."', '".$read."', '".$write."', '".$delete."', '".$special."')";
	}

	$GLOBALS['db']->Query($query);
	
	$query = "SELECT * FROM ".$tblmodules. " WHERE moduleID=".$module;
	$res = $GLOBALS['db']->Fetch($GLOBALS['db']->Query($query));
	
	echo str_replace("{0}", "<strong>".$GLOBALS['lang']->GetLanguage(ucfirst($res->name), "title")."</strong>", $GLOBALS['lang']->GetLanguage("Permission", "permissionEdit"));
}

?>